On Mon, Aug 8, 2011 at 11:52 PM, David Conrad <drc at virtualized.org> wrote:
> Chris,
>> On Aug 8, 2011, at 2:56 PM, Christopher Morrow wrote:
>> messing with basic plumbing will have unintended consequences, they will be bad.
>>>> If the users her WANT to have this experience, there are lots of
>> in-browser/application methods to achieve this, hijacking DNS at the
>> resolver is really just NOT the right answer, ever.
>> See that ship off on the horizon? It appears to have sailed...
doesn't mean I can't be the cranky old man shaking my fist, right?
>> I'm told that non-trivial revenue is being generated by ISPs who are doing this redirection. As long as that is true, I suspect it's unlikely pointing out how broken hijacking DNS is will be particularly effective.
>
yea... so that, so I understand, depends a lot on who's telling the
tale. From one source at an ISP doing this, the revenues are not
anywhere near what was promised by the vendor(s). Anyway, I'm not sure
what they are, we probably won't ever know what they really are :(
I suppose it'll continue as long as people consider it 'ok' to be
subjected to this and don't leave their ISP for an alternative. (where
available!) Oh, maybe dns-sec will help us with this problem too?
nsec3 to the rescue?